Wiki source code of OpenID Connect

Hide last authors

version	line-number	content
1.1	1	{{content/}}
	2
16.4	3	When adding a //OpenID Connect// identity provider the following parameters are requested:
1.1	4
16.4	5	== Base settings ==
1.1	6
16.4	7	{{figure image="openid_base_settings_en.png" clear="h1"}}Basic settings for the configuration of the OpenID Connect identity provider.{{/figure}}
1.1	8
14.1	9	=== Name ===
1.1	10
16.4	11	Name of the identity provider in {{formcycle/}}.
1.1	12
16.4	13	=== Different name on form login button ===
1.1	14
16.4	15	If a form has been configured to offer several authentication options, a dialog will be displayed when opening the form in which an authentication type has to be selected. The text content that should be on the button for this identity provider can be configured here.
1.1	16
16.4	17	If nothing is entered here, the name entered under //Name// is used.
1.1	18
16.4	19	=== Alias for callback URL (UUID) ===
1.1	20
16.4	21	Unique identifier that is used when the identity provider returns to {{formcycle/}}. This value is generated automatically, but can be changed if necessary.
1.1	22
16.4	23	=== Callback URL ===
1.1	24
16.4	25	The URL which is used when returning from the identity provider to {{formcycle/}} is shown here and can be copied to the clipboard by clicking the copy icon to the right of the URL.
1.1	26
16.4	27	== Initially visible buttons ==
1.1	28
16.4	29	Below the base settings there are initially 3 buttons whose functions are intended to help with the configuration of the Facebook identity provider.
1.1	30
16.4	31	=== Send email to provider ===
1.1	32
16.4	33	Opens the e-mail program set up in the system with a pre-formulated request regarding the information required for the configuration of the identity provider in {{formcycle/}}.
1.1	34
16.4	35	=== Help ===
1.1	36
16.4	37	Opens this help page in the browser.
1.1	38
16.4	39	=== Add configuration ===
1.1	40
16.4	41	If the required information has been provided by the identity provider, the area for the configuration of the identity provider can be opened by clicking on this button. Afterwards the area //configuration// which is described below opens.
1.1	42
16.4	43	== Configuration ==
1.1	44
16.4	45	{{figure image="openid_configuration_en.png" clear="h1"}}Configuration options for an OpenID Connect identity provider.{{/figure}}
1.1	46
14.1	47	=== Client ID ===
1.1	48
16.4	49	Unique ID of the configuration that is provided by the identity provider.
1.1	50
14.1	51	=== Client secret ===
1.1	52
16.4	53	Secret key which is used to authenticate your client.
1.1	54
14.1	55	=== Discovery URI ===
1.1	56
16.4	57	URI which is used to determine the properties of the identity provider. It has to be provided by the identity provider.
1.1	58
14.1	59	=== Scope ===
1.1	60
16.4	61	Specifies the permissions that are used by {{formcycle/}} when querying fields from the identity provider.
1.1	62
14.1	63	=== Authentication method ===
1.1	64
16.4	65	Method by which {{formcycle/}} authorizes itself to the identity provider.
1.1	66
14.1	67	=== Response type ===
1.1	68
16.4	69	Type of response from the identity providers after {{formcycle/}} logon.
1.1	70
16.4	71	== Extended settings ==
1.1	72
16.4	73	{{figure image="openid_extended_settings_en.png" clear="h1"}}Advanced settings for configuring an OpenID Connect identity provider.{{/figure}}
1.1	74
16.4	75	By clicking on //Extended settings// additional parameters for the connection with the identity provider can be configured.
1.1	76
14.1	77	=== Response mode ===
1.1	78
16.4	79	Method by which the identity provider sends the logon respone to {{formcycle/}}.
1.1	80
16.4	81	=== Max. authentication lifetime (seconds) ===
1.1	82
16.4	83	Maximum duration of an exisitng login to the identity provider. The default value is {{code language="none"}}-1{{/code}}, which means infinite.
1.1	84
16.4	85	=== Connection Timeout (seconds) ===
1.1	86
16.4	87	Maximum duration for a connection setup to the indentity provider before it is terminated. The default value is {{code language="none"}}500{{/code}} seconds.
1.1	88
16.4	89	=== Max. clock skew (seconds) ===
1.1	90
16.4	91	Maximum allowed difference in system clock times between the {{fcserver/}} and the identity provider. The default value is {{code language="none"}}30{{/code}} seconds.
1.1	92
14.1	93	=== Expire session with token ===
1.1	94
16.4	95	Setting that specifies whether a {{formcycle/}} logon should also expire when the identity provider logon expires. This option is disabled by default.
1.1	96
16.4	97	=== Token expiration advance (seconds) ===
1.1	98
16.4	99	Time period that a {{formcycle/}} logon should expire before the identity provider token. The default value is {{code language="none"}}0{{/code}} seconds.
1.1	100
16.4	101	=== Further parameters ===
1.1	102
16.4	103	In addition to the ones listed above, other parameters can be defined in this table. A //property// and a corresponding //value// must be entered in each line.
16.2	104
16.4	105	=== Direct client activated (HTTP header) ===
16.2	106
16.4	107	{{version major="7" minor="4"}}{{/version}} If activated, a direct OpenId Connect client will be available. A Direct OpenId Connect client performs its authentication logic directly on the request to a protected resource (e.g. the form) by analyzing request headers with JWTs (JSON Web Token) (see below).
16.2	108
16.4	109	=== Direct client activated (Cookie) ===
16.2	110
16.4	111	{{version major="7" minor="4"}}{{/version}} If activated, a direct OpenId Connect client will be available. A direct OpenId Connect client performs its authentication logic directly on the request to a protected resource (e.g. the form) by analyzing the transmitted cookies with JWTs (JSON Web Token).
16.2	112